set service dns dynamic interface eth0 service ExampleDNS host-name mydomain.example.com
set service dns dynamic interface eth0 service ExampleDNS server dydns.example.com
set service dns dynamic interface eth0 service ExampleDNS protocol dyndns2 # or another, see the completion
...

NAT

SSH

Support for new ciphers: aes128-gcm, aes256-gcm, chacha20-poly1305, 3des-cbc.

A command for (re)-generating the SSH server key pair:

run generate ssh-server-key

Support for user and group access control is a work in progress and the CLI for it is likely to change.

High availability

VRRP now uses a new, more flexible syntax that takes VRRP out of interfaces into its own "high-availability vrrp" subtree. The new syntax is documented here: VRRP.

On upgrade, the old syntax will be automatically converted to the new syntax. Since VRRP group names are now informational and the VRID is defined by the "vrid" option under groups,
old groups will be named $intf-$vrid, for example "eth0.10-10".

Scripting

Script execution

Scripts run from VRRP transition script options, load balancing, and cron jobs now automatically use the correct GID to prevent config permissions issues.

Persistent pre/post-commit hook scripts can now be stored in /config/commit/pre-hooks.d and /config/commit/post-hooks.d

Custom post-upgrade scripts can be stored in /config/scripts/post-update.d

Built-in environment variables

The following environment variables are now available: vyos_prefix, vyos_datarootdir, vyos_bindir, vyos_sbindir, vyos_libdir, vyos_libexecdir,
vyos_datadir, vyos_op_templates, vyos_cfg_templates, vyos_configdir. They should always be used instead of old vyatta_* equivalents or hardcoded paths
for forward compatibility.

Python API for reading the config

The Python module for reading VyOS config is now included in the image and can be used by VyOS features written in Python as well as user scripts. It supports Python3.

Python API for migration scripts

Upgrade notes

If you are upgrading from a release prior to 1.1.0, it is recommended to first upgrade to 1.1.8 before upgrading to 1.2.0. Upgrading directly from older releases may result in a non-bootable image.

Compatibility notes

Telnet server

Telnet server is no longer included in VyOS. It may be re-implemented with different packages if anyone can provide a good reason to do so.

Firewall

p2p filtering is no longer available. We may reimplement it in the future based on better solutions if there's demand for it.

Installation

The "install system" command is no longer available. It has been deprecated ever since image-based installation was introduced in 2010.

Package repositories

The "system package" command family was removed. The only supported upgrade method is image upgrade, and it's easy to build images with custom packages if required.
You can still edit the /etc/apt/sources.list file at your own risk.

Removed commands

The "run reset vrrp master" command was removed due to its fragile implementation and unfortunate interaction with preemption. You can force transition by disabling VRRP groups.

Syntax changes

DNS forwarding

The "service dns forwarding listen-on" is now deprecated and superseded by "service dns forwarding listen-address". It will continue to work with a warning, but may produce unexpected results,
such as listening only on some of the addresses. For best results, specify addresses to listen on with the new "listen-address" option.

BGP

BGP now uses "address-family ipv4-unicast" for all address-family specific options. IPv4-specific global options such as "network" are also under "protocols bgp ... address-family ipv4-unicast" now. Example:

BGP no longer enables IPv4 address family for peers with IPv4 addresses if "no-default-ipv4-unicast" option is set.

SNMP sysDescr and OID

SNMP sysDescr is now "VyOS $version" rather than "Vyatta $version". LibreNMS and Observium already include necessary changes to correctly
recognize VyOS as what it is. Other monitoring systems may need to be reconfigured and/or updated to be made aware of this.

Also, VyOS now uses its own PEN/OID 44641 instead of the old Vyatta one. Most SNMP tools rely only on sysDescr, but those that don't may stop
recognizing VyOS without necessary updates.

Deprecated features

Configs from Vyatta Core releases older than VC 6.5

Since 1.0.0, VyOS has been theoretically capable of loading configs from any Vyatta Community/Core release down to Vyatta 1.0.
VyOS 1.2.0 will be the last release to support backwards compatibility with old versions.

Starting with VyOS 1.3.0, only config files from VyOS 1.0.0 or newer and Vyatta Core 6.5 (released in 2012) or newer will be supported.
The reasons for it are lack of real testing of that compatibility, rarity of such old versions, and need for config migration system overhaul.

Release history

1.2.0

VyOS 1.2.0 was released in January 2019 and will be an LTS release maintained for at least two years.

Known issues

Some people report an issue with routers responding to all ARP requests when VTI is enabled (T852).

The old Bugzilla installation is kept accessible in read only mode for the reference. Below is the list of resolved issues that were created during the Bugzilla time or weren't assigned issue numbers at all.